
Steve Prentice
From the CISO series, it's Cybersecurity Headlines.
These are the cybersecurity headlines for Friday, November 29, 2024. I'm Steve Prentice.

Patch alert after flaws identified in Advantech industrial Wi-Fi access points

20 security vulnerabilities have been identified in Advantech EKI industrial-grade wireless access point devices, according to cybersecurity company Nozomi Networks. Some of these could be weaponized to bypass authentication and execute code with elevated privileges. Six of these vulnerabilities have been deemed critical with a CVSS score of 9.8, allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service condition, and even repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.

T-Mobile confirms Salt Typhoon attack was blocked

As one of the U.S.-based telecommunications companies that was targeted recently by the Salt Typhoon cyber espionage campaign, T-Mobile's Chief Security Officer Jeff Simon shared on Wednesday additional information in an attempt to clear up what the company described as misleading media reports. He stated that its defenses managed to protect sensitive customer information and prevented any service disruptions. It was also revealed that the attack originated from a wireline provider's network connected to T-Mobile's own network, which was quickly cut off.

UK hospital network postpones procedures after cyberattack

Wirral University Teaching Hospital, that is Wirral, is a public healthcare organization in the United Kingdom that operates four hospitals. The attack on its systems was disclosed on Monday and the disruptions are ongoing. The damage was being described as huge and this has resulted in the rescheduling of procedures and requests for patients to only visit their emergency rooms for the most pressing of emergencies. No group has yet claimed responsibility and no time to restoration has been announced.

Hoboken, New Jersey suffers cyberattack

This attack occurred on Wednesday and has resulted in the shuttering of City Hall along with many other services including municipal court and street sweeping. Parking enforcement, waste collection and recreational programs will still take place, the city said. No ransomware gang has yet taken credit for this attack.

Thanks to today's episode's sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Well, worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That is T-H-R-E-A-T-L-O-C-K-E-R.com.

Microsoft fixes vulnerability in three major areas

Microsoft has patched vulnerabilities in Azure, Copilot Studio and its Partner Networks website, but no action is required of customers. Each of these vulnerabilities has been described as a privilege escalation issue. Its Partner Network website, specifically the partner.microsoft.com domain, contained a high-severity improper access control vulnerability that allowed an unauthenticated attacker to elevate privileges over a network. This vulnerability has been marked as exploited, but Microsoft would not share additional information. End quote.

European police decrypt Albanian drug smugglers' encrypted communications, arrests made

European police say they have disrupted a major Albanian drug smuggling gang after decrypting and analyzing private communications between the group and corrupt officials.
This is thanks to their access to SkyECC, a Canadian-made encrypted chat platform that works with various handsets including iPhones and which has been a favourite of the criminal underworld. Europol revealed that Albanian and Italian authorities have arrested 21 people, including a former judge, a lawyer, a police officer and two investigative journalists as part of a major corruption investigation.

Researchers warn of critical flaw in ProjectSend open source file sharing application

Researchers at VulnCheck state that a vulnerability with a CVSS score of 9.8 appears to have been exploited by attackers in the wild. This vulnerability is an improper authentication issue that impacts versions before r1720, allowing attackers to create accounts, upload web shells and embed malicious JavaScript. ProjectSend is an open source file sharing web application. VulnCheck experts believe that threat actors started using the exploit code released by ProjectDiscovery and Rapid7 since September 2024.

UK government failing to list use of AI on mandatory register

Branches of the British government and civil service have been less than forthcoming about their use of artificial intelligence systems, even though required to do so by the government. It is allegedly being used by the government to inform decisions on everything from benefit payments to immigration enforcement, and records show public bodies have awarded dozens of contracts for AI and algorithmic services. This despite the government announcing in February this year that the use of the AI Register would now be a requirement for all government departments. The British Home Office has declined to comment thus far.

Just another reminder that there will be no live streams today on account of the Thanksgiving long weekend here in the US.
But we will be back next Friday, December 6th with Super Cyber Friday, where the topic will be hacking the AI supply chain, an hour of critical thinking about what's new and familiar about securing the foundations of your AI applications. That starts at 1pm Eastern, 10am Pacific, and will be followed by our Week in Review show, where we will get expert insights from our guest, Edward Fry, head of security at Luminary Cloud. To register for both, just head on over to the events page at cisoseries.com. I'm Steve Prentice, reporting for the CISO Series.
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
In the latest episode of Cyber Security Headlines by the CISO Series, host Steve Prentice delves into a series of pressing cybersecurity issues affecting industries and governments worldwide. This comprehensive summary captures the key discussions, insights, and conclusions from the episode, providing valuable information for those keen on staying informed about the evolving landscape of information security.
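The episode kicks off with alarming news about significant security flaws discovered in Advantech's industrial-grade Wi-Fi access points. According to Nozomi Networks, a renowned cybersecurity firm, fifty security vulnerabilities have been identified in the Advantech EKI devices. Among these, six vulnerabilities are particularly critical, each boasting a CVSS score of 9.8. These severe flaws could allow attackers to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service condition, and repurpose infected endpoints as Linux workstations to enable lateral movement and further network penetration.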
Steve Prentice emphasizes the gravity of these vulnerabilities, stating, "These weaknesses could be weaponized to bypass authentication and execute code with elevated privileges" (02:15).
In a significant cybersecurity victory, T-Mobile successfully thwarted the Salt Typhoon cyber espionage campaign. Jeff Simon, T-Mobile's Chief Security Officer, addressed the media to clarify misconceptions, highlighting that the company's robust defenses protected sensitive customer information and prevented any service disruptions. The attack originated from a wireline provider's network connected to T-Mobile's infrastructure but was swiftly isolated to prevent further infiltration.
Jeff Simon remarked, "Our defenses managed to protect sensitive customer information and prevented any service disruptions" (04:30).
A distressing development unfolded at the Wirral University Teaching Hospital in the United Kingdom, where a cyberattack has severely disrupted operations across four hospitals. Announced on Monday, the attack's repercussions are extensive, forcing the postponement of numerous medical procedures. Patients are advised to visit emergency rooms only for critical emergencies, underscoring the attack's impact on public health services. As of the episode's recording, no group has claimed responsibility, and restoration timelines remain unclear.
Steve Prentice describes the situation as "huge damage resulting in the rescheduling of procedures and limiting patient visits" (05:45).
Another municipal strike was reported in Hoboken, New Jersey, where a cyberattack on Wednesday led to the temporary closure of City Hall and several other essential services, including the municipal court and street sweeping operations. Despite these disruptions, certain services like parking enforcement, waste collection, and recreational programs continued to function. As of now, no ransomware group has claimed responsibility for the attack.
Microsoft has proactively addressed multiple vulnerabilities across its platforms, including Azure, Copilot Studio, and the Partner Networks website. These vulnerabilities predominantly involved privilege escalation issues, allowing unauthenticated attackers to gain elevated network privileges. Notably, the partner.microsoft.com domain had a high-severity improper access control vulnerability deemed exploited. However, Microsoft clarified that no action is required from customers, as patches have been deployed to mitigate these risks.
Steve Prentice notes, "Each of these vulnerabilities has been described as a privilege escalation issue," referencing Microsoft's swift remediation efforts (06:30).
In a remarkable success for law enforcement, European police have dismantled a major Albanian drug smuggling ring by decrypting and analyzing the gang's private communications. Through their access to SkyECC, an encrypted chat platform favored by criminal networks, authorities were able to intercept and decipher critical communications between smugglers and corrupt officials. This operation led to the arrest of 21 individuals, including a former judge, a lawyer, a police officer, and two investigative journalists, as part of an extensive corruption investigation spearheaded by Europol.
Cybersecurity researchers at VulnCheck have identified a severe vulnerability in the open-source file-sharing application ProjectSend. With a CVSS score of 9.8, this flaw relates to improper authentication, affecting versions prior to r1720. Exploitation of this vulnerability allows attackers to create accounts, upload web shells, and embed malicious JavaScript.
VulnCheck experts suggest that threat actors have been exploiting this vulnerability using exploit code released by ProjectDiscovery and Rapid7 since September 2024, heightening the risk for users of the application.
The British government faces criticism for its lack of transparency regarding the implementation of artificial intelligence (AI) systems across various departments. Despite mandates requiring public disclosure of AI usage, records indicate that numerous government bodies have failed to register their AI applications. These systems reportedly influence decisions related to benefit payments and immigration enforcement, and public bodies have awarded dozens of contracts for AI and algorithmic services. The British Home Office has yet to respond to these allegations, raising concerns about accountability and oversight in governmental AI deployment.
Steve Prentice underscores the issue, stating, "Branches of the British government have been less than forthcoming about their use of artificial intelligence systems," highlighting the discrepancy between policy and practice (06:50).
The episode wraps up with a brief mention of upcoming events, including Super Cyber Friday on December 6th, focusing on hacking the AI supply chain, and the Week in Review show featuring Edward Fry, head of security at Luminary Cloud. Listeners are encouraged to register via the CISO Series events page.
Steve Prentice concludes by reminding listeners to stay updated with daily cybersecurity headlines available on cisoseries.com.
This episode of Cyber Security Headlines offers a deep dive into some of the most critical and recent cybersecurity incidents, emphasizing the ever-present threats to both private and public sectors. From exposed vulnerabilities in industrial devices to sophisticated cyber espionage attacks and government transparency issues with AI, the discussions provide invaluable insights for cybersecurity professionals and enthusiasts alike.